Security settings

This section lists Security options in the Atlas folder, how to change them, and their defaults.

All configuration files listed here are in the 7. Security folder within the Atlas folder on your Desktop.

Your Risk

Disabling security features is at your own risk, and you should only disable any security features if:

  • You know what it does
  • You know how to keep yourself safe without it

Atlas isn’t responsible for any damages caused by disabling security features against our recommendations.

Mitigations

Mitigations are software or hardware techniques that address security vulnerabilities or weaknesses in the CPU. They help prevent software (e.g., vulnerable games) from being exploited to remotely execute code on your system.

Atlas provides scripts and a prompt to enable or disable mitigations within Windows. Some older CPUs see significant performance gains from disabling mitigations. However, this benefit applies mainly to older CPUs. Newer CPUs (like Zen 4 CPUs) can be negatively impacted if you disable mitigations, as they are designed to work with these mitigations.

Atlas disables Fault Tolerant Heap by default. FTH applies non-CPU mitigations to repeatedly crashing processes, at the cost of significantly reduced performance. If you have consistent application crashes, try enabling FTH.

If you have disabled mitigations and face issues with anticheat software, run the Set Windows Default Mitigations.cmd script in the Mitigations folder. Alternatively, if you want the maximum security, you can use Enable All Mitigations.cmd, but that forces all mitigations to be enabled (unlike the Windows default), which can reduce performance significantly and may reduce compatibility.

Defender

Defender protects against many threats (ransomware, spyware). Some users disable it for privacy and performance on older hardware. Disabling Defender increases infection risk; Atlas doesn’t recommend it.

If you use another trustworthy antivirus program, you don’t need to disable Defender.

Atlas lets you fully toggle Defender at a component level. Run Toggle Defender.cmd in the Defender folder to enable or disable it. The folder also contains tweaks for Defender and Windows Security.

Core isolation

Core isolation is a Windows security feature that protects core processes from malicious software by running them in a virtualized environment.

Core isolation protects against vulnerabilities in Windows core processes. It has a significant performance cost, especially on older CPUs. We recommend disabling it for most users—the performance impact outweighs the security benefits.

For Windows 11 users, Core isolation features are typically enabled by default, as long as your CPU supports Windows 11.

The Core Isolation (VBS) folder contains Current Configuration.ps1 to check which Core isolation features are available and configured, plus shortcuts to Core isolation settings. AME Beta also has a prompt to disable Core isolation.

Core isolation features

Note that not all features may be available, depending on your hardware security support and Windows edition. Windows 11 should generally have more Core isolation features.

  • Memory integrity - Also known as HVCI or ‘Hypervisor-protected Code Integrity’ - Like a security guard between the core components of Windows
  • Credential Guard - Protects lsass.exe by preventing attackers from stealing/dumping credentials from it - lsass.exe contains lots of authentication tokens used by Windows
  • Microsoft Vulnerable Driver Blocklist - A blocklist to block drivers with known security vulnerabilities, as drivers have unrestricted access to a system
  • Firmware protection - Protects against a compromised UEFI/BIOS
  • Memory access protection - Also known as ‘Kernel DMA protection’ - Prevents attacks that can occur when a malicious PCI device is plugged in - A malicious PCI device could be plugged in through a Thunderbolt port, as an example
  • Kernel-mode Hardware-enforced Stack Protection - Protects against Return-Oriented Programming (ROP) attacks

UAC

UAC (User Account Control) is a feature in Windows that helps control what changes software can make to your computer. It helps protect against applications malfunctioning or making harmful changes to your computer.

Note that most sophisticated malware can bypass UAC easily. The only reliable way to protect yourself against UAC bypasses is to set UAC to the maximum level.

When UAC is disabled, everything will be run as Administrator. On the current version of Atlas, it is enabled by default. To disable it, run the Disable UAC.cmd script in the User Account Control (UAC) folder.

Firewall

Firewall is a built-in Windows feature that blocks unwanted connections. Atlas keeps it enabled by default to enhance system security. To disable it, run the Disable Windows Firewall.cmd script in the Firewall folder.

Next steps